Security

How we protect your data and ensure your privacy

Encryption
Your data is encrypted at rest and in transit using industry-leading practices
  • All data transmissions use TLS 1.2+ encryption
  • Field-level encryption: Sensitive content (emails, documents, summaries) encrypted with AES-256-GCM
  • OAuth tokens and credentials encrypted before database storage using AES-256-GCM
  • Key derivation using PBKDF2 with 100,000 iterations for enhanced security
  • Automatic IV/nonce generation per encryption operation
  • Built-in integrity verification via authentication tags
Access Controls
Multi-layered security to protect your information
  • Row-level security (RLS) policies ensure complete data isolation between users
  • Authentication required for all operations via Clerk OAuth 2.0
  • Role-based access controls (RBAC) limit data access based on user permissions
  • OAuth 2.0 for secure third-party integrations - we never see your passwords
  • Encryption keys validated on startup - no default keys allowed
  • Minimal permissions: Only necessary OAuth scopes requested
Privacy by Design
We minimize data collection and retention - your data, your control
  • Never selling data: We do not, and will never, sell your data
  • Smart content caching: Only high-value content is cached; low-value content is fetched on demand
  • Automatic expiration: Cached content automatically expires after 30 days (high-value) or 7-14 days (medium-value)
  • Data minimization: We only store what's necessary - metadata and embeddings for search, content cached temporarily
  • Purpose-specific collection: Data collected only when it serves an explicit purpose
  • GDPR and CCPA compliant data handling practices
  • User-controlled data deletion with complete removal
Compliance & Security Audits
Regular testing and compliance verification
  • GDPR compliant: Full compliance with European data protection regulations
  • CCPA & CPRA compliant: Compliance with California privacy laws
  • Regular penetration testing by third-party security firms
  • Automated vulnerability scanning on all code and dependencies
  • Security code reviews for all changes
  • SOC 2 Type II compliance (roadmap)
  • ISO 27001 compliance roadmap
Infrastructure Security
Secure cloud infrastructure with enterprise-grade protection
  • Hosted on secure cloud infrastructure (Vercel) with 99.9% uptime SLA
  • Regular automated backups with point-in-time recovery capabilities
  • DDoS protection and comprehensive rate limiting
  • Network security with firewall protection
  • Security headers: HSTS, CSP, X-Frame-Options and other protective headers configured
  • 24/7 security monitoring and incident response
Reporting Security Issues
Responsible disclosure program

If you discover a security vulnerability, please report it to us at our contact page. We appreciate responsible disclosure and will work with you to address any issues.